Tag Archives: active directory

This script will significantly decrease the length of time taken to create device collections in SCCM. I created this script for a college where I deployed SCCM 2012, it allowed the college to mass create the device collections required for their environment.

First of all we will need to import the SCCM Powershell Module as shown below.
Note the SMSSITECODE variable will be your 3 letter SCCM Site Code and the location of the Module will need to match the installation path of SCCM.

There are two parts to this script, the first is the command to create the new device collection (New-CMDeviceCollection) with its given parameters. The second is to add a query membership rule which will specify how the collection is populated (Add-CMDeviceCollectionQueryMembershipRule)

The RefreshType parameter in the example has been set to ‘Both’, this ensures the device collection is populated on the schedule which has been specified and it also uses the Incremental Updates setting of SCCM 2012 to ensure newly added devices in between the schedule are also added. The alternative options for this are ‘ConstantUpdate’, ‘Periodic’ or ‘Manual’.

When faced with a situation where you have an OU full of users who need to be forced to change password at logon your first option may instinctively be the GUI – Active Directory Users and Computer. This may seem a lot easier than powershell as you only need to highlight all the users, select properties and set the checkbox and there you have it.

However, if you needed to reverse the situation, you are not able to use the same procedure to select the checkbox for all users. This is where powershell saves the day. Here are the steps you need to take:

First things first, Launch a Powershell Window with the Active Directory module

Next, we need to get a list of Active Directory users that match our parameters, for this we will use the Get-ADUser cmdlet with a filter for all users in the OU called Users in my domain.

Get-ADUser -Filter * -SearchBase "OU=Users,DC=justinfra,DC=co,DC=uk

The next step would be to use the | (pipe key) to pipe the results from that search and set the properties for each user account. A quick reference from TechNet Library for the Get-ADUser cmdlet will list -changepasswordatlogon as an available parameter. So we would need to use a foreach-object command to set this property. Here is the full powershell command: